Still Don't Know What Cyberwar Is... But The US Has A Cyberwar General Now

from the that-ought-to-help dept

It's still not clear that anyone really knows what a cyberwar is, beyond a way for some gov't contractors to scare up hundreds of millions of dollars, but Slashdot points us to the news that the US has now appointed its first "cyberwar general." The report also notes that "the US Air Force disclosed that some 30,000 of its troops had been re-assigned from technical support 'to the frontlines of cyber warfare'." I recently heard an interview with the head of the US Air Force Academy, where he repeatedly noted that the Air Force was in charge of "cyber" warfare as well. And yet, we still haven't seen any details about what this cyberwarfare threat is. We just keep hearing amorphous claims about hacking attacks that are clearly annoying, but hardly to the level of "warfare." All of this seems to be an attempt to build up malicious computer hacking to make it seem like a bigger "threat" than it really is.

Re:

If the U.S. really cared about security issues they'd fix this social security problem first. I mean, seriously, fixing the SS problem would be far cheaper than going after some imaginary cyberwar. All you have to do to alleviate the problem is change the digits into hexadecimal and allow new people who get an SS number to have a hexadecimal number. Don't remove or change any of the existing numbers of course, so those SS would still be a problem for a while for those who already have social security numbers, but it would alleviate the problem for future generations (though it wouldn't solve it). But of course the government isn't going to make an attempt to fix the SS problem until AFTER they come close to running out of SS numbers to issue people. They will keep wasting tons of money on this non-existing cyberwar instead while anyone can simply guess a valid social security number just by guessing 5 random numbers.

Re:

and the fact that they won't do anything to alleviate this much easier to fix SS problem and are instead going after some imaginary cyberwar that will cost more to "fix" just makes me wonder about their true motives. Frankly, I don't trust our government and, given what they have done to everything outside the Internet, I have many very good reasons not to and very little reason to trust them.

Re:

That's funny, when you started on about the social security problem I thought that was slightly irrelevant but true anyway. It would be pretty laughable for the US to fix the "social security problem" and yet completely avoid fixing the social security problem :P

Re: Re:

The thing is if they are truly interested in the public interest and security and privacy they would logically fix the SS problem first before going after this non-existent cyberwar problem. So the fact that they ignore the real issues in place of some non-existing issue logically makes me question their true motives.

Re: What is cyber war?

Re: Re: What is cyber war?

The government is building the skynet resistance. That's what this whole cyberwarfare thing is all about. They just don't want to alarm the public by letting them know that killer robots are on the loose and the cyberwar is really the resistance.

Re:

Actually I've heard about it, and AFAIK, they often don't even password protect their networks or anything. I remember constantly hearing on the news about how a government laptop got stolen with unencrypted information. This isn't something they need to spend a ton of money to fix, they just need to implement the security features that are already in place, the ones that even existing Windows and other operating systems ALREADY offer, to fix it. Why do private companies easily and cheaply get to keep their networks secure yet the government must spend a ton of money, pass tons of laws that potentially invade our privacy and restrict our rights, in the name of national security when none of it will really do anything to fix anything? From my understanding, it's just that the government doesn't implement the very most basic security measures, hardly anything worth dedicating a whole team of people and tons of resources on.

Re:

and techdirt and just about every site out there also receives constant attacks (and techdirt has been hacked before). Yet, why is it that banks seem to have little to no problems implementing reliable security measures and just about every site out there where people enter their personal information over the Net to order something across the Internet? Tons of critical transactions involving sensitive information cross the net all the time, using SSL technology, when people enter credit card information, social security numbers, bank information, over to schools and everywhere else, yet despite all this sensitive information crossing the Internet, information where there is a HUGE incentive for people to hack into, most everyone seems to have few problems keeping most everything secure across the net (most of the problems involve corporate employees who steal information, but that's a different issue and doesn't involve the net and protection from outsiders over the net). Every website faces people attempting to hack it, especially banks and whatnot, why are banks able to keep their information secure without spending nearly the same amount of money and resources on the matter as the government and without potentially invading our privacy and restricting our rights? You act like the government is the only agency that people want to hack into. Everyone else keeps everything secure at a reasonable cost, why can't the government?

Re: Re: 13

This person seems to be indicating that the government security problems are very basic ones. I don't really believe him about the alien stuff, or perhaps he stumbled upon a bunch of pictures written in Photoshop (either designed to trick unauthorized users or designed to be used for brainstorming purposes), but I do believe him about the lack of network security. After all, he did hack into their systems and the U.S. government did want to get him in trouble for that. This guy suggests they even use blank passwords. I don't find it difficult to believe either. Maybe they improved a bit since then on some of their computers but they probably still implement easy and cheap to improve security measures.

US govt computer systems are under attack all day every day, from morons trying to find the existence of aliens to people trying to get launch codes, to just trying to deface the CIA's homepage, it's a war you don't really hear about

lost laptop you hear about, physical security on people is a lot harder to do than securing your network

as more and more of what we do is network, over the internet etc..the war will grow, but news won't be covering it
because you don't have the clearance to hear about the attacks

Re:

"lost laptop you hear about, physical security on people is a lot harder to do than securing your network"

That's just it, it's not difficult, and it is certainly NOT more difficult than securing your network. EVER hear of TrueCrypt? It's VERY easy to implement some encryption technology on your laptop and to put it on all laptops as a rule than to find every security hole in a network. When you say it's more difficult you are merely showing your ignorance. If the government has taken this long to simply begin putting in place encryption technology on laptops, encryption technology that has existed for quite some time now, I can reasonably assume that their network security sucks because they fail to implement some very basic, cheap, and already existing security measures. It's not hard to implement encryption on your laptop, private companies do it, why can't the government and why does it take the government so long?

Re: Re: Re:

and no one said they have to use TrueCrypt, they can invent their own, why does it take them so long? Everyone else invented and implemented encryption protocols on their laptops a long time ago, why does it take so darn long for the government to keep up with the rest of the world? Why can't they take five minutes to review and approve TrueCrypt (they have the source code, it's well implemented software, there is nothing wrong with it) at least temporarily until they make their own, as opposed to keeping everything unencrypted? I mean, that's my point, getting government approval to do something simple like implement TrueCrypt or their own encryption protocol is something they're too lazy to do, yet they want to spend tons of money and resources on this imaginary cyberwar when they can't even be bothered to implement much simpler solutions that would be cheaper and do far more to improve their security.

not a war

"US govt computer systems are under attack all day every day, from morons trying to find the existence of aliens to people trying to get launch codes, to just trying to deface the CIA's homepage, it's a war you don't really hear about"

Because it's not a war. To call these kinds of attacks "warfare" is to distort the meaning of the word "warfare" beyond belief. In war, whole populations suffer and die. In cyberspace there is no carnage.

US govt computers are indeed under attack, as are everyone else's systems, many with equally sophisticated and frequent attackers. It's a computer security problem, requires attention and vigilance, and can be handled adequately by unarmed geeks. It is certainly nothing at all like "war".

It's YOU who don't know what cyberwar is

Probably, Mike, you don't know "what cyberwar is" because you have zero technical background. You have fun posts about law, economics and politics, but when you touch technical subjects - you always make yourself look stupid. You know, the ability to put stuff on the internet doesn't make you a network specialist.

Cyberwar is not only "let's deface enemy website". It's the ability to hack into communication networks, reverse engineer enemy hardware or software, distribute propaganda, and so on.

You think all this has no military application? Wait until US soldiers go into a trap because a GPS signal was forged; or a plane crashes because a communication network was hacked or ... the list can be continued to infinity.

Re: It's YOU who don't know what cyberwar is

"You have fun posts about law, economics and politics, but when you touch technical subjects - you always make yourself look stupid."

I like how your comment doesn't actually disprove anything I said, but focuses entirely on a personal attack. That makes me think I'm more right than you can imagine.

But, frankly, I've discussed this issue with tons of security experts who all agree with me that the whole thing has been blown out of proportion.

"Cyberwar is not only 'let's deface enemy website'. It's the ability to hack into communication networks, reverse engineer enemy hardware or software, distribute propaganda, and so on."

That's espionage. It's not war. And it's not new. And putting a lame "cyber" in front of it is pointless and distracting.

"You think all this has no military application? Wait until US soldiers go into a trap because a GPS signal was forged; or a plane crashes because a communication network was hacked or ... the list can be continued to infinity."

Yes, we can all make up science fiction stories. That's very convincing.

Re: Re: It's YOU who don't know what cyberwar is

>> Not true, but okay.
Posting stuff on the Internet gives you exactly zero knowledge about the inner workings of networks or computers, for example. Maybe I missed something, but - do you happen to have a degree in an engineering field? What do you mean "no"?

>> That's espionage. It's not war.
My head exploded on this one. Yea, you can do espionage without official war, but you can have war without killing people directly. See "Cold War" for more reference.

>> Yes, we can all make up science fiction stories. That's very convincing.
Don't be proud of a lack of appropriate education and related knowledge.

Re: Re: Re: It's YOU who don't know what cyberwar is

"Posting stuff on the Internet gives you exactly zero knowledge about the inner workings of networks or computers, for example. Maybe I missed something, but - do you happen to have a degree in an engineering field? What do you mean "no"?"

What does an engineer know about wars and how to define them?

"My head exploded on this one. Yea, you can do espionage without official war, but you can have war without killing people directly. See "Cold War" for more reference."

but the cold "war" was still carried out with the force of arms, or potential arms, or the threat of violent arms.

"a conflict carried on by force of arms, as between nations or between parties within a nation; warfare, as by land, sea, or air. "

Why don't the government and those begging for government money use some other term besides "war"? Why not say they're a cyber security company or that the government is investing against cyber security? I know, because misusing the word war gets more money, attention, and government backing and it helps the government get more alleged justification to unduly exercise their authority over the population, waste money and resources, invade our privacy and restrict our rights.

Re: Re: It's YOU who don't know what cyberwar is

or maybe systems should be developed which have reliable backup mechanisms?

Yeah, lfroen doesn't seem to really know what he's talking about. The military has access to encrypted GPS systems that would be very hard to "forge". He makes it sound like he thinks they're dependent on consumer grade stuff from Best Buy or something.

About ten years ago, French intelligence agents rigged a weapons system trial by jamming GPS signals that caused competitors to fail the testing. This wasn't even a war, just a sales pitch. China spends billions of dollars on cyber warfare and has an entire branch of the military dedicated to it.

What if China launched a DDoS attack at every US military computer resource as a prelude to a first strike? It's not science fiction, it's what I do for a living every day. Stick to bitching about copyright law and stay away from subjects you lack expertise in.

Re:

Re:

"About ten years ago, French intelligence agents rigged a weapons system trial by jamming GPS signals that caused competitors to fail the testing."

Signal jammers have been around for ... a very long time. The idea of jamming isn't rocket science, it's common sense, and I don't see how a cyberwar committee is going to stop a signal jammer. This has nothing to do with the Internet.

Re:

"About ten years ago, French intelligence agents rigged a weapons system trial by jamming GPS signals that caused competitors to fail the testing."

Umm, so?

"What if China launched a DDoS attack at every US military computer resource as a prelude to a first strike?"

Well, it certainly wouldn't cripple the US military in any meaningful way because the military isn't stupid enough to rely on the public Internet like that. At worst, it would be a minor annoyance. Or it might even be looked upon as a courtesy announcement.

"It's not science fiction, it's what I do for a living every day."

Heh, and I used to. In fact, I was one of the developers of one of the main systems the US military uses for cyber defense that you probably use. So I'm very familiar with the situation and while I'll admit that terms like "cyberwar" are good for procuring funding, there's really never been any such thing.

"Stick to bitching about copyright law and stay away from subjects you lack expertise in."

Re: Re:

Electronic Countermeasures

Signals and communications security has been a part of the military, and governments for a very very long time.

Someone claiming to have broken into a military system might just be breaking into the military's public servers, that are probably hosting their web page, and maybe dealing with internal and non-critical emails (from family and friends etc).

But anything operational, is not sent over the internet, it's sent on specific and dedicated secure networks, that DO NOT connect to the internet at all.

They use encryption routinely, even with voice communications; they do not use some encryption program that someone has written, they use dedicated encryption machines. In security there is a "need to know" rule, so if you don't need to know some information, you don't get to see it.

Military, do not make public their communication methods, security practices or the likes to the general public.

You are being quite misinformed, if you think communications security is not a part of warfare, and that it is something that military, and governments have employed as soon as the technology is available, (or develop their own).

You might want to do a bit of research on things like the major Russian government sponsored attack on the Caurcuses; it was a massive DDoS attack, and crippled most of the country that was the focus of the attack.

Electronic countermeasures is the original term for what you call "cyberwar". And if you don't understand that electronic countermeasures have been in use in war, and peace time since the beginning of the information age, and the start of radio.

All militaries, and governments have electronic countermeasures, for communications systems, radar (chaff etc.), sonar, and so on, everything.

What would be the effect of hacking into the GPS satellites and resetting their position data, so that US launched missiles turn around and land on the person who sent it, or ships run aground or aircraft run into mountains? It's all possible, if the group has enough determination, and you cannot possibly predict the vectors for the attack, so like all attacks you don't know how it's going to occur, you have to take measures to protect against all possible attacks.

That is what a security general is for, and you are very naive if you think these measures are unnecessary.

Maybe the "security experts" you talk to are not quite the experts you think they are. And that's inadmissible hearsay anyway, (I know a guy who told me this so it must be true).. Nice try.. But I don't buy it.

Re: Electronic Countermeasures

"But anything operational, is not sent over the internet, it's sent on specific and dedicated secure networks, that DO NOT connect to the internet at all."

So then they have everything under control, there is no need to spend all this money on this cyberwar since they have their own cybernetworks that aren't connected to the Internet. Why spend money on Internet security and monitoring citizens, etc... if their vital communications aren't even on the Internet but are on their own secure networks that aren't attached to the Internet?

Re: Electronic Countermeasures

"Signals and communications security has been a part of the military, and governments for a very very long time."

"Someone claiming to have broken into a military system might just be breaking into the military's public servers, that are probably hosting their web page, and maybe dealing with internal and non-critical emails (from family and friends etc)."

"But anything operational, is not sent over the internet, it's sent on specific and dedicated secure networks, that DO NOT connect to the internet at all."

"They use encryption routinely, even with voice communications; they do not use some encryption program that someone has written, they use dedicated encryption machines. In security there is a 'need to know' rule, so if you don't need to know some information, you don't get to see it."

"Military, do not make public their communication methods, security practices or the likes to the general public."

"You are being quite misinformed, if you think communications security is not a part of warfare, and that it is something that military, and governments have employed as soon as the technology is available, (or develop their own)."

So far, all true.

"You might want to do a bit of research on things like the major Russian government sponsored attack on the Caurcuses; it was a massive DDoS attack, and crippled most of the country that was the focus of the attack."

I think we're talking about the US military, not the "Caurcuses". If *their* military relies on the public internet, that's just stupid.

"Electronic countermeasures is the original term for what you call 'cyberwar'."

No, it isn't, and that's where you go off the rails. If you'd bother to read the article, you would see that it was referring to the Internet, not the whole field of electronic signals and communications. "Cyberwar" does NOT refer to the whole field.

"All militaries, and governments have electronic countermeasures, for communications systems, radar (chaff etc.), sonar, and so on, everything. What would be the effect of hacking into the GPS satellites and resetting their position data, so that US launched missiles turn around and land on the person who sent it, or ships run aground or aircraft run into mountains?" ...blah blah blah...

None of which generally has much to do with the public Internet.

"That is what a security general is for, and you are very naive if you think these measures are unnecessary."

Again, that's not what's being discussed. You seem to be trying to make a "cyberwar general" for the Internet into some kind of overall "security general" as though they're the same thing. They're not.

"Maybe the 'security experts' you talk to are not quite the experts you think they are. And that's inadmissible hearsay anyway, (I know a guy who told me this so it must be true).. Nice try.. But I don't buy it."

Re: Electronic Countermeasures

"You might want to do a bit of research on things like the major Russian government sponsored attack on the Caurcuses; it was a massive DDoS attack, and crippled most of the country that was the focus of the attack."

We don't know what, if any effect, it had on secure signals (the military term isn't internet it's signals) it may have had in Georgia, the state that was the target.

Personally I suspect it was severe as Georgia's military signals structure was "inherited" from the USSR as it collapsed unlike the USA or NATO which has its own signals establishment that spent a lot of its time from the beginning of the Cold War until it ended protecting itself from intrusion, interception and decryption by the Soviets.

In short this is, as you point out, nothing new.

If it's the public internet that they're concerned with then that is new. While it makes sense to try to defend a communications system that is vital to commerce, business and many other functions of a "wired" world there's also the minor detail that just where does a military draw the line on what needs defending and what doesn't?

The reality is that what they seem left with is a military version of whack-a-mole as they try to look everywhere all the time without any systemic way of defending what needs defending which is a small fraction of the traffic on the Internet. Things like credit and debit card transactions need not apply in this case. Neither does transmission or reception of banking transactions or information if those exchanging it aren't taking proper security measures to stop commercial, much less, military interception.

Russia's action was done to make a point. Personally, I'd rather have an intact communications system on the part of my enemy than to destroy it particularly if I've already gotten into it. (Ref: Enigma) That way I get to read signals and information at my leisure rather than pulling my hair out trying to be everywhere all at once which is simply what cyberwar implies and what doesn't make sense.

You're right on any number of rather useless points from an espionage perspective without, it seems, understanding what it is that signals espionage, in particular does.

Signals espionage doesn't destroy the bad guys' communications, it breaks into it quietly then sits there and reads what it needs to read, ignoring the "noise".

You're getting too much information from things like 24 and the Bond movies without understanding just what you're talking about.

Cyber War not a physical war

Everyone here is assuming that just by the term "Cyber War" that it actually equates to war fought on a battle field. I've seen nothing but examples that depict using network based attacks on the military. Albeit this is a far-fetched example, but if you have watched Ghost in the Shell you will understand the point I am about to make. In the show you see various types of Cyber Terrorism. Companies attacking other competing companies. Individual groups attacking governments, companies, etc... Granted attacks today are not going to be on the level of what is depicted in that show, but the thoughts behind them are completely plausible.

What is more devastating to a country: attacking a few hundred thousand soldiers or attacking an entire nation of people? What would happen say if a group of "Hackers" in China attacks Wall Street? How would our economy handle an attack of that nature? Especially in this time where we have no counter measure or laws for that kind of scenario. Or how would the global economy take it if key economic super powers were suddenly cut off from the rest of the global network? Most companies have forgone the use of analog media for the day to day communications. To just switch over from a purely digital system to an analog system would cripple a company let alone a nation.

The Skinny IMHO

The military protects democracy through land, sea, and air. The next plausible threat is cyber. It only makes sense to set up a command to defend this area. If you lock the front door, the back door, and the kitchen windows, but leave the bedroom windows open, guess where the attack comes from. I can't speak for how serious the threat is, or will be in the future, but better to be prepared. I will not disagree about contractors using fear to scoop profits.

Shouldn't they have called him the iWarfare or eWarfare general? I can't remember the last time we used "cyber" with a lame name for a lame idea.
But maybe if we get all the countries on with the cyber warfare idea, militant dickheads will stop using real bombs on places like Iraq and entertain themselves with cyber wars.

Not 24, there is a real world outside of "the idiot box".

"You're getting too much information from things like 24 and the Bond movies without understanding just what you're talking about."

Actually, my experience is from 20 years as a communications and cryptography specialist in the Military forces. And in the area of electronic counter measures.

with top level security clearance, not watching "24", but by making my career as a specialist in that field.

What do you think conventional warfare is also if it is not a constant game of "whack a mole"?

But there is a specific division between signals interception and electronic countermeasures, you're right one is gathering, or influencing information by subversive means, (listening in and decrypting), and there is electronic countermeasures, which involves disrupting their electronics systems, that might include jamming, spoofing, chaff, even EMPs and the such it is designed to destroy and or disrupt infrastructure, just as it's effective if you can stop the enemy's guns from firing it's effective to stop them communicating, seeing (radar), finding (gps) and so on. Is also a DIFFERENT but effective form of warfare.

And a political tactic, Voice of America broadcasts news into Europe and Russia, Russia built huge transmitters to jam the transmissions, that is not signals interception, it is ECM or electronic countermeasures, two different things.

Cyber war is real -

Many seem to overly simplify the term "warfare" to mean some guy running down the street shooting a gun!

So if you fly over a city and drop lengths of wires over the power substation transformers, blowing them by overload is not an act of warfare?

A part of conflict and war is destroying or reducing infrastructure, commerce and unwinding the "war machine" of the enemy, so you would consider blowing up dams in Germany during World War 2 not actually warfare?

So if you perform cyber attacks on US businesses and infrastructure, reducing their ability to defend themselves or reducing public confidence, it has the same effect as disabling a power station, or disrupting the rail system, it reduces the ability of a country to function as a country, by a specific and deliberate action of an enemy.

That is how cyber war can affect a country, and its ability to function, it does not have to be direct attacks on military targets, it can be attacks on infrastructure.

Signal jamming is exactly the same as a DDoS attack, in many respects, it's an IP address instead of a RF frequency, and it's placing so many signals on that frequency / IP address that signals or packets will get lost, it's flooding the receiver with too many signals.

Maybe you can't break into the computers of a military base, but you may be able to break into the computers of the catering company that supplies it with food, and disrupt the supply of food to the military. That might require more man power to do manually, therefore less manpower is available for other purposes, maybe even the soldiers would have to collect and process the food while the catering company recovers, again a strain on manpower, and an effective weapon of war.

To write it off as nothing important is asking for trouble, and shows a lack of real world understanding.